Channels

Services

Apple fixes critical vulnerabilities in Safari

Apple has released version 4.0.4 of its Safari web browser, a security update to address a total of seven vulnerabilities. In addition to performance improvements to the Nitro JavaScript engine, the browser update fixes two critical vulnerabilities that may lead to the execution of arbitrary code. According to Apple, only Windows versions of Safari are affected by the critical issues. For an attack to be successful, a victim must first open a specially crafted image within a web page in Safari or access a maliciously crafted FTP server.

Other vulnerabilities eliminated in the update affect both Windows and Mac OS X versions of Safari, including an issue in the libxml library that may lead to an unexpected application termination or the disclosure of local information. Additional updates to the WebKit browser engine correct problems in WebKit's implementation of Cross-Origin Resource Sharing and the processing of HTML 5 Media Elements, such as emails that automatically reload audio or video content without asking the user.

All users are advised to update their browsers as soon as possible. Safari 4.0.4 is available to download for Windows XP, Vista, Windows 7, Mac OS X 10.4.11, 10.5.8 and 10.6.1.